15 matches found
CVE-2025-60739
Cross Site Request Forgery CSRF vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /bhwebbackend component...
CVE-2025-60738
An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 20250721 and before allows a remote attacker to execute arbitrary code via the ping.php component does not perform secure filtering on IP parameters...
CVE-2025-60738
An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 20250721 and before allows a remote attacker to execute arbitrary code via the ping.php component does not perform secure filtering on IP parameters...
CVE-2025-60737
CVE-2025-60737 concerns a Cross Site Scripting vulnerability in the Ilevia EVE X1 Server Firmware (versions <= 4.7.18.0.eden:Logic
CVE-2025-34517 Ilevia EVE X1 Server 4.7.18.0.eden Absolute Path Traversal
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in getfilecontent.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet...
EUVD-2025-34809
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in getfilecontent.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet...
CVE-2025-34517
Ilevia EVE X1 Server firmware
CVE-2025-34514 Ilevia EVE X1 Server 4.7.18.0.eden Authenticated Command Injection
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain authenticated OS command injection vulnerabilities in multiple web-accessible PHP scripts that call exec and allow an authenticated attacker to execute arbitrary commands. Ilevia has declined to service this vulnerability, and...
CVE-2025-34519 Ilevia EVE X1 Server 4.7.18.0.eden Insecure Hashing Algorithm
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalted hash, an attacker who obtains the password database can...
CVE-2025-34512
The CVE-2025-34512 entry affects Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden, with multiple publicly disclosed issues summarized in connected documents: a pre-authentication file disclosure via the db_log POST parameter; an unauthenticated OS command injection in /ajax/php/login.php vi...
CVE-2025-34515 Ilevia EVE X1 Server 4.7.18.0.eden Root Privilege Escalation
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an execution with unnecessary privileges vulnerability in syncproject.sh that allows an attacker to escalate privileges to root. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to...
CVE-2025-34516
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an unauthenticated attacker to obtain remote access. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet...
CVE-2025-34516 Ilevia EVE X1 Server 4.7.18.0.eden Use of Default Credentials
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an unauthenticated attacker to obtain remote access. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet...
CVE-2025-34516
CVE-2025-34516 affects Ilevia EVE X1 Server firmware
PT-2025-42500
Name of the Vulnerable Software and Affected Versions Ilevia EVE X1 Server firmware versions through 4.7.18.0.eden Description The software contains a reflected cross-site scripting XSS issue in the index.php file. An unauthenticated attacker can leverage this to execute arbitrary code. The vendo...